Socio-technical Security Risk Modeling and Analysis 1
2015-2016 - IMT4152 - 5 ECTS

Expected learning outcomes


  • The students shall primarily understand the socio-technical ICT evolution that has taken place over the last thirty years and that has led to a widening vulnerability gap between what we can do with ICT and what we can cost-effectively control with ICT.
  • The students shall be given a broad systems theory perspective connected to practical cases so they will have the insight to implement a roadmap for information security in organizations and businesses.


  • The student is capable of analyzing existing theories, methods and interpretations in the field of information security organization and management and socio-technical modeling and working independently on solving theoretical and practical problems.
  • The student can use relevant systems sciences and socio-technical theory in independent research and development in information security organization and management.
  • The student is capable of performing critical analysis of various literature sources and applying them in structuring and formulating scientific reasoning in information security organization and management.
  • The student is capable of carrying out an independent limited research or development project in information security and management under supervision, following the applicable ethical rules.

General competence

  • The student is capable of analyzing relevant professional and research ethical problems in information security organization and management.
  • The student is capable of applying his/her information security knowledge and skills in new fields, in order to accomplish advanced tasks and projects.
  • The student is capable of discussing professional problems, analyses and conclusions in information security organization and management, both with specialists and with a general audience.
  • The student is capable of contributing to innovation and innovation processes in information security and socio-technical modeling and analysis for information security management.


  • Introduction to Systems Thinking and Socio-technical modeling and analysis
  • Technology Adoption and Security
  • Overview of the Information security landscape
  • How to conduct a socio-technical security and risk assessment of an organization or business.
  • Strategic, Tactical and Operational areas in Information security organization and risk Management.

Teaching Methods


Teaching Methods (additional text)

Lectures will be held to review the most important aspects of the reading material. Seminars will be used to discuss case work.

The course will be made accessible to both campus and remote students. Every student is free to choose the pedagogic arrangement that best fits her/his own requirements. The lectures in the course will be given on campus and are open to both categories of students. All the lectures will also be available on the Internet through GUC’s learning management system (ClassFronter).

Form(s) of Assessment

Written exam, 2 hours

Form(s) of Assessment (additional text)

  • Written exam – 2 hours, counts 50 %
  • Written essay, counts 50 % (the student will do a simple socio-technical analysis)

In order to achieve a grade in the course, both parts must be passed.

Grading Scale

Alphabetical Scale, A (best) – F (fail)

External/internal examiner

Internal examiner. An external examiner will be used every 4th year. Next time in the school-year 2014/2015.

Re-sit examination

Re-sit August 2016 for the Written exam.

Coursework Requirements


Teaching Materials

  • Systems Thinking, System Dynamics: Managing Change and Complex. Kambiz E. Maani, Robert Y. Cavana, 2nd ed., Pearson 2007.
  • Roadmap to Information Security: For IT and Infosec Managers. Michael E. Whitman, Herbert J. Mattord, Course Technology 2011.
  • Related articles
  • Compendium.

Replacement course for